Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(gap): Regulatory Gap Analysis Engine — Phase A Backend

Browse Source 
Product Profile → Regulatory Classification → MC Gap Assessment → Priority List.

- 12 regulations supported (CRA, AI Act, NIS2, DSGVO, Data Act, MiCA, PSD2, AML, MDR, Machinery, TDDDG, LkSG)
- Scope signal extraction from product profile
- Priority scoring: Severity × Deadline × Dependency
- 5 industry templates (IoT, Exchange, Cobot, SaaS, Medical)
- 8 API endpoints under /sdk/v1/gap/
- DB migration for gap_projects table
- Full build passes

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-05-10 23:11:30 +02:00
parent 58f370f4ff
commit dabc2358ab
9 changed files with 1396 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ai-compliance-sdk/internal/gap/models.go
+149
View File
@@ -0,0 +1,149 @@
// Package gap implements the Regulatory Gap Analysis Engine.
//
// Given a product profile, the engine determines which regulations apply,
// identifies gaps against Master Controls, and produces a prioritized
// action list.
package gap
import (
"time"
"github.com/google/uuid"
)
// ── Product Profile ─────────────────────────────────────────────────
// ProductType classifies the product category.
type ProductType string
const (
ProductTypeSoftware ProductType = "software"
ProductTypeHardware ProductType = "hardware"
ProductTypeIoT ProductType = "iot"
ProductTypeSaaS ProductType = "saas"
ProductTypeExchange ProductType = "exchange"
ProductTypeMedicalDevice ProductType = "medical_device"
ProductTypeMachinery ProductType = "machinery"
ProductTypeOther ProductType = "other"
)
// ProductProfile describes a customer's product for gap analysis.
type ProductProfile struct {
ID uuid.UUID `json:"id" db:"id"`
TenantID uuid.UUID `json:"tenant_id" db:"tenant_id"`
Name string `json:"name" db:"name"`
Description string `json:"description" db:"description"`
ProductType ProductType `json:"product_type" db:"product_type"`
// Technology stack
Technologies []string `json:"technologies" db:"-"` // encryption, api, blockchain, ai, ota_updates, cloud
// Data processing categories
DataProcessing []string `json:"data_processing" db:"-"` // personal_data, health_data, financial_data, telemetry
// Target markets
Markets []string `json:"markets" db:"-"` // EU, DE, AT, CH, US
// Boolean flags (derived from technologies or set explicitly)
ConnectedToInternet bool `json:"connected_to_internet" db:"connected_to_internet"`
HasSoftwareUpdates bool `json:"has_software_updates" db:"has_software_updates"`
UsesAI bool `json:"uses_ai" db:"uses_ai"`
ProcessesPersonalData bool `json:"processes_personal_data" db:"processes_personal_data"`
IsCriticalInfraSupplier bool `json:"is_critical_infra_supplier" db:"is_critical_infra_supplier"`
// Existing certifications (reduces gap count)
ExistingCertifications []string `json:"existing_certifications" db:"-"` // ISO27001, CE, SOC2
// Metadata
CreatedAt time.Time `json:"created_at" db:"created_at"`
UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
}
// ── Regulation Classification ───────────────────────────────────────
// RegulationID identifies a regulation.
type RegulationID string
const (
RegCRA RegulationID = "cra"
RegAIAct RegulationID = "ai_act"
RegNIS2 RegulationID = "nis2"
RegDSGVO RegulationID = "dsgvo"
RegDataAct RegulationID = "data_act"
RegMiCA RegulationID = "mica"
RegPSD2 RegulationID = "psd2"
RegAML RegulationID = "aml"
RegMDR RegulationID = "mdr"
RegMachinery RegulationID = "machinery_regulation"
RegEAA RegulationID = "eaa"
RegTDDDG RegulationID = "tdddg"
RegLkSG RegulationID = "lksg"
)
// ApplicableRegulation describes a regulation that applies to a product.
type ApplicableRegulation struct {
ID RegulationID `json:"id"`
Name string `json:"name"`
Applicable bool `json:"applicable"`
Confidence float64 `json:"confidence"`
Reasoning string `json:"reasoning"`
Deadline *time.Time `json:"deadline,omitempty"`
RiskLevel string `json:"risk_level"` // high, medium, low
Requirements []string `json:"requirements,omitempty"`
}
// ── Gap Analysis ────────────────────────────────────────────────────
// GapStatus indicates how well a control is fulfilled.
type GapStatus string
const (
GapFulfilled GapStatus = "fulfilled"
GapPartial GapStatus = "partial"
GapMissing GapStatus = "missing"
GapUnclear GapStatus = "unclear"
)
// GapItem represents a single gap finding.
type GapItem struct {
MCID string `json:"mc_id"`
MCName string `json:"mc_name"`
Regulation RegulationID `json:"regulation"`
Status GapStatus `json:"status"`
Title string `json:"title"`
Description string `json:"description"`
Severity string `json:"severity"` // CRITICAL, HIGH, MEDIUM, LOW
Priority Priority `json:"priority"`
Recommendation string `json:"recommendation"`
ControlCount int `json:"control_count"`
}
// Priority determines the order of action.
type Priority struct {
Score float64 `json:"score"`
SeverityFactor float64 `json:"severity_factor"`
DeadlineFactor float64 `json:"deadline_factor"`
DependencyFactor float64 `json:"dependency_factor"`
Rank int `json:"rank"`
}
// ── Gap Report ──────────────────────────────────────────────────────
// GapReport is the full analysis result.
type GapReport struct {
ProfileID uuid.UUID `json:"profile_id"`
ProfileName string `json:"profile_name"`
Regulations []ApplicableRegulation `json:"regulations"`
Summary GapSummary `json:"summary"`
Gaps []GapItem `json:"gaps"`
CreatedAt time.Time `json:"created_at"`
}
// GapSummary provides aggregate statistics.
type GapSummary struct {
TotalApplicableRegulations int `json:"total_applicable_regulations"`
TotalGaps int `json:"total_gaps"`
GapsByStatus map[string]int `json:"gaps_by_status"`
GapsBySeverity map[string]int `json:"gaps_by_severity"`
GapsByRegulation map[string]int `json:"gaps_by_regulation"`
OverallCompliancePercent float64 `json:"overall_compliance_percent"`
EstimatedEffortWeeks float64 `json:"estimated_effort_weeks"`
}